From 6e2a998a75b79c4ec799fba2272950ca68054dcb Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 19 Apr 2006 22:58:05 +0000 Subject: r15140: first draft of 3.0.23pre1 release notes --- WHATSNEW.txt | 339 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 335 insertions(+), 4 deletions(-) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index fdcfc6045d0..54953d6e109 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,336 @@ + ================================== + Release Notes for Samba 3.0.23pre1 + Apr 20, 2006 + ================================== + +This is a preview release of the Samba 3.0.23 code base and +is provided for testing only. This release is *not* intended +for production servers. There has been a substantial amount +of development since the 3.0.21 series of stable releases. +We would like to ask the Samba community for help in testing +these changes as we work towards the next significant production +upgrade Samba 3.0 release. + +There has been a substantial amount of cleanup work done +during this development cycle. Two weeks of development time +was dedicated to fixing bugs reported by the Coverity source +code scans. Details can be found at in the following two +articles: + + http://news.samba.org/#coverity_zero_bugs + http://news.samba.org/#zdnet_quick_response + + + +Common bugs fixed in 3.0.23pre1 include: + +New features introduced in 3.0.23pre1 include: + + +###################################################################### +Changes +####### + +Changes since 3.0.21/22 +----------------------- + +smb.conf changes +---------------- + + Parameter Name Action + -------------- ------ + acl group control Deprecated + add port command New + dos filemode Modified behavior + enable asu support New default (no) + enable privileges New default (yes) + host msdfs New default (yes) + msdfs root New default (yes) + open files database hash size New + strict locking New default (auto) + winbind enum users New default (no) + winbind enum groups New default (no) + winbind nested groups New default (yes) + winbind max idle children Removed + + +commits +------- +o Jeremy Allison + * BUG 3467: Fix delete on close semantics needed by WinXP Media + Center Ed. for simultaneous recording and playback (thanks to + Jason Qian for the debugging assistance). + * BUG 3347: Save the Unix user token used to set the + delete-on-close flag. + * Fix parsing of SAMR_Q_CONNECT_ANON. + * Add in support for userinfo26 structure and re-enable + userinfo25 + * Schannel server fixes. Fix the credentials chaining across + \netlogon pipe disconnects. + * Replace ubqix code in nmbd with an internal tdb. + * Fix struct timespec checks in configure.in. + * Add in server support for the NetSamLogonEx(). + * Add support for LsaLookupSids2() and LsaLookupSids3(). + * Add LsaLookupNames[2-4](). + * Add support for 'net usershare'. + * BUG 3522: Fix error code return on SMBmkdir(foo) when foo + already exists (thanks to Sandeep Tamhankar). + * BUG 3510: Fix 'net rpc join' against a server when + schannel is disabled. + * Get rid of poor errno mapping table. Bounce through NTSTATUS + instead. + * Check for SeMachineAccountPrivilege when deleting machine + accounts. + * Fix a logic bug with multiple oplock contention. + * Add the replacements for opendir/readdir etc from SAMBA_4_0. + Attempt to fix the broken directory handling in the *BSD. + * Allow run time tuning of the locking tdb hash size for + very busy servers. + * BUG 3642: Ensure we don't call FD_SET on read with + fd == -1. + * BUG 3569: Work around linear posix locking issue on AIX + which was causing high loads due to the tdb CLEAR_IF_FIRST + flag (based on work from William JoJo). + * Fix OS/2 directory delete bug found by kukks. + * Match the Windows 2003 NTLMSSP signature. + * Performance tuning work in core read & write file serving + paths. + * Change default to 'strict locking' to better reflect + real world clients. + * Fix error return on session setup. Ensure no data blob is + added if the logon call failed so that Windows clients + interpret the NT_STATUS code correctly. + + + +o Alexander Bokovoy + * Fix 'smbcontrol shutdown' messages for nmbd and winbindd. + + +o Max N. Boyarov + * Fix crash bug in perfmon daemon example code. + + +o Gerald (Jerry) Carter + * Rewrite of tdbsam file descriptor handling. + * Add server affinity support when selecting a remote + domain controller. + * Remove chaining of passdb modules. + * Generate a local users primary group SID based on his + or her primary Unix group rather than storing the attribute + in the passdb entry. + * Default primary group SID to 'Domain Users' if the real Unix + primary group maps to the S-1-22-2 domain. + * Refactor memory management in passdb user objects. + * RHEL and Fedora packaging fixes. + * Implement XcvDataPort() spooler call and supporting 'add + port command'. + * BUG 3534: Ignore lines in the username map file with no right + hand list. + * Add support for the experimental %(DomainSID) smb.conf + variable. + * Add support for parsing SIDs in smb.conf value lists. + * Fix vuid allocation in Kerberos SMBsessetup reply. + * Ensure that local group membership is included in the + getgroups() NSS reply. + * Automatically create a BUILTIN\{Administrators,Users} if + winbindd is running. + * Automatically grant all privileges to members of the local + Administrators group. + * Protect against NULL cli_state* pointers in + cli_rpc_pipe_open(). + * Add a SUBSTR matching rule the the Samba LDAP schema + file for the sambaSID attribute. This will allow for + Searching group mapping entries within a given domain + without reorganizing the directory namespace. Also + requires 'index sambaSID sub' in slapd.conf. + * Fix parsing of 'idmap uid/gid' values that broke when + the range included any whitespace. + * Support renaming local groups (protect against renaming + BUILTIN groups). + * Do not allow the root account to be deleted via MS-RPC. + * Fix RID allocation to skip over RIDs that resolve in our + own domain (work around upgraded users and groups). + * Store the name/ip address combination when we do a reverse + look up in case future forward lookups would fail. + Fixes cases where a DC name could not be resolved via + NetBIOS queries, + * Allow winbindd to run on standalone servers in order to + provide support for local groups. + * Deprecate 'acl group control' and replace it with added + functionality to 'dos filemode'. + * Ensure that all global memory is freed from pam_winbind + when unloading the shared library (based on work from Arkady + Glabek). + * Fix 32-bit/64-bit portability issues between PAM & NSS winbind + libraries and winbindd. + * Add defensive checks about create local accounts (i.e. calling + 'add user script') on domain member servers when winbindd + is running but having problems. + + +o Guenther Deschner + * Enhancements to various commands in rpcclient + * Don't force 'Administrator' to change an expired password on + logon. + * Add support for offline mode in winbindd. + * Provide support in pam_winbind for initializing a user's + ticket cache. + * Implement samr_chgpasswd_user3 server-side. + * Make pam_winbind more robust when detecting domain users. + * Add client side support for SAMR_GET_USRDOM_PWINFO. + * Re-enable strict checking on C++ reserved keywords since Heimdal + 0.7.2 has been released. + * Allow renaming of machine accounts in a Samba domain. + * BUG 3539: Let winbindd try to obtain the gecos field from + the msSFU30Gecos attribute when "winbind nss info = sfu" is + set. + * Correctly handle acb_info/acct_flags as uint32 not as uint16. + * Return the real ACB-flags in the SamLogon() reply. + * Some client side cleanup for the samr set security object + functions. + * Make sure we always reset the userAccountControl bits when + re-joining (net ads join) with an existing account. + * Document some more MSV1_0 bits and their behavior. + * Only set the last rebind timestamp when we did rebind + after a update LDAP operation to avoid the ldap replication + sleep period. + * Fix incorrect error checking in winbindd for domains with + no trusts. + * Consolidate the parsing of the Krb5 PAC and NET_USER_INFO3 + structure. + * Work around crash bug in MIT krb5 libs when reading a + keytab file. Stop trying to decrypt a ticket as soon as + we have a clear indication that the ticket is bad. + * Merge DCERPC_FAULT constants from the SAMBA_4_0 tree. + * Adding client side samr querygroup infolevels 2 & 5. + * Make smbpasswd -a root work for eDirectory where there + is no "account" structural objectclass. + * Make sure we only send out a CLDAP request (net ads) to + an connected AD server. + * Fix a broken LDAP search filter when looking for groups. + * Add in-tree version of iniparser library from + http://ndevilla.free.fr/iniparser/ for use by pam_winbind + (rather than linking in loadparm.c). Settings are now stored + in /etc/security/pam_winbind.conf. + + + +o Mathias Dietz + * EPERM can be a valid return from getting an xattr. + Don't disable if we get it. + + +o Aleksey Fedoseev + * Fix crash bug in the file locking code. + + +o Arek Glabek + * Fix parsing error on input parameters in eventlogadm. + + +o Bjoern Jacke . + * Fix EA support on AIX platforms. + * Automatically disable file shares with no explicit path set. + * Remove the local hack to set the RO bit on directories in + user profiles when profile acls = yes. Rely on EAs instead. + * Compile fixes for Solaris LDAP client libs. + * Add DMAPI/XDSM support for AIX. + * Find JFS DMAPI libs on Linux when only they are available. + + +o William JoJo + * Fix VFS builds on AIX platforms. + + +o Volker Lendecke + * Dynamically compute the maximum password age based no the + last change time rather than reading the must change time + from the passdb record. + * Rewrite mechanisms for handling lookup_{name,sid} resolution. + * Assign unmapped users to the S-1-22-1 domain and unmapped + groups to the S-1-22-2 domain + * Disable algorithmic mapping for RIDs in tdbsam & ldapsam + * Remove sql passdb backends. + * Implement rpccli_samr_set_domain_info() + * Add initial support for 'net sam' command. + * BUG 2413: Remove anonymous connections in 'net rpc info'. + * Implement asynchronous support for trans2 calls. + * Make smbclient -L use RPC to list shares, fall back to RAP. + * Merge tdb code (including transactional support) from + the SAMBA_4_0 tree. + * Unsure that the global SAM SID is initialized before any + dependent routines are called. + + +o Derrell Lipman + [libsmbclient] + * Fix bug causing previous settings to be re-initialized + when parsing new configuration files. + * BUG 3446: Don't ignore the authentication domain when parsing + the SMB URI. + * Fix cli_setpathinfo() to actually do what it's supposed to. + * Fix libsmbclient to make correct use of the new "one connection + per server feature". + + +o Jason Mader + * Compiler warning fixes. + + +o Jim McDonough + * Prevent machines and users with no home directory from + getting the previous entries home path when migrating via + 'net rpc vampire' (based on a patch from Richard Renard). + * Remove hard-coded LDIF names when dumping a migrated + domain's users and groups. + * BUG 1374: Can't join an OU with name that contains '#'. + + +o Stefan Metzmacher + * Add improved support for 'make test' including making + use of smbtorture from SAMBA_4_0. + * Add --no-process-group to all server programs + (e.g. timelimit 20000 bin/nmbd -F -S --no-process-group). + * Add configure tests --with-selftest-prefix=/tmp/samba-test + + +o Lars Müller + * Add -k switch to tdbdump for accessing a single key. + * Debian packaging fixes. + * Add -t|--password-from-stdin option to pdbedit as we had + with Samba 2.2. + * Various minor fixes to install scripts used by 'make install'. + + +o James Peach + * Add support for FAM for file change notification. + * Disable sendfile if the 'write cache;' has been enabled. + * Refactor capability interface from being IRIX-specific to + using only the POSIX interface. + * Consolidate core dumping code to aid in debugging. + * Add support for libunwind to generating a backtrace. + * BUG 3490: Don't test for ldap or krb5 libs if --without-ldap + and --without-ads are specified. + * Allow the user to set winbind nss timeouts in seconds on IRIX. + + +o Simo Sorce + * Ensure that sid -> group conversion are done as root. + * BUG 3413: Sanity check for existence of 'ldap admin + dn' before setting a password in secrets.tdb (based on + work by William Jojo). + * New revision of the snprintf replace code. + + +o ISHIKAWA Tomonori + * BUG 2715: Fix nmbd datagram comment buffer size for multibyte + character strings + + +Release Notes for older release follow: + + -------------------------------------------------- ============================== Release Notes for Samba 3.0.22 Mar 30, 2006 @@ -33,8 +366,6 @@ to use winbindd). ======= -Release Notes for older release follow: - -------------------------------------------------- =============================== @@ -372,7 +703,7 @@ o Makr Proehl o Simo Sorce * Crackcheck utility enhancement based on patch sent by Tom Geissler. - * BUG 3405: Fix segv ni vfs_recycle module on platforms wither + * BUG 3405: Fix segv in vfs_recycle module on platforms wither mode_t is not 32-bits. @@ -747,7 +1078,7 @@ o Jim McDonough o Stefan Metzmacher * Fix setting of quotas on linux kernel with the struct if_dqblk interface - * Enable sysquota interfact on Linux by default + * Enable sysquota interface on Linux by default * Use lp_socket_address() when binding to port 138/udp in nmbd. -- cgit v1.2.1